[RFC] Enhance backtrace for microsoft system DLL calls

Pedro Alves pedro_alves@portugalmail.pt
Mon Dec 10 17:37:00 GMT 2007

Hi Pierre,

Pierre Muller wrote:
>   I had troubles when trying to backtrace
> when the debugge was stopped
> inside the windows DLL's.
>   After some investigation, I
> found out that many exported routines
> from the Microsoft operating system
> start with a no-op assembler instruction
> 'mov %edi,%edi'.

That's placed there for hot patching, together with 5 bytes of slack before the
function (the idea is to be able to replace that 2 byte op with a jump to
5 bytes back, and patch the 5 bytes with a jump into anywhere in the
32-bit address space.)

Something like:

    nop                            |
    nop                            |
    nop                            |  hot patching
    nop                            |  support
    nop                            |
    mov    %edi,%edi               |   <-- function start
    push   %ebp                    |
    mov    %esp,%ebp               |  frame setup
    sub    $0x18,%esp              |  locals, ...

Could you add a comment explaining that as well?

>   The main question is whether this patch is acceptable
> for gdb as it is in a i386 common file, while
> it most probably only applies to MS operating system.
>   The problem is that I found no other location where
> this could be done, but maybe someone in the list
> has a better overview and a good idea where to put that.

You can put a flag in i386's gdbarch_tdep (look in
i386-tdep.h, and i386-cygwin-tdep.c).

Pedro Alves

More information about the Gdb-patches mailing list